
Multiple Threat Actors Target Aviatrix Controller Security Bug

A recently disclosed maximum-severity security bug in the Aviatrix Controller centralized management platform for cloud networking is currently being actively targeted by multiple threat actors.

In a worst-case scenario, the vulnerability, identified as CVE-2024-50603 (CVSS 10), could allow an unauthenticated remote adversary to run arbitrary commands on an affected system and take full control of it. Attackers are currently exploiting the flaw to deploy XMRig cryptomining malware and the Sliver backdoor on vulnerable targets.

CVE-2024-50603: A High-Impact Vulnerability

The vulnerability presents an especially severe risk in Amazon Web Services (AWS) cloud environments, where Aviatrix Controller allows privilege escalation by default, according to researchers at Wiz Security. Jessica MacGregor, a spokeswoman for Aviatrix, says the company issued an emergency patch for the vulnerability back in November 2024 given its potential severity. The security patch applied to all supported releases and also to versions of Aviatrix Controller for which support had ended two years earlier. The company also reached out privately to customers through multiple targeted campaigns to make sure affected organizations applied the patch, MacGregor says.

While a significant portion of affected customers have applied the patch and recommended hardening measures, some organizations have not. And it is these customers that are experiencing the current attacks, she notes. “While we strongly recommend that customers remain current in their software, customers on Controller version 6.7+ who have applied the Security Patch can be protected even if they have not upgraded to the latest versions with the permanent fixes,” she says.

MacGregor says Aviatrix wants anyone unable to upgrade or patch their systems to reach out so the company can work with them to harden their configuration based on best practices. “We will also work closely with customers that believe they have been exploited to restore their Aviatrix software to a clean state.”
